CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.16 Low
Percentile: 95.9%

Package : ppp
Version : 2.4.6-3.1+deb8u1
CVE ID : CVE-2020-8597
Debian Bug : 950618

Ilja Van Sprundel discovered a buffer overflow vulnerability in ppp,
the Point-to-Point Protocol daemon. When receiving an EAP Request
message in client mode, an attacker was able to overflow the rhostname
array by providing a very long name. This issue is also mitigated by
Debian's hardening build flags.

For Debian 8 "Jessie", this problem has been fixed in version
2.4.6-3.1+deb8u1.

We recommend that you upgrade your ppp packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Debian | 9 | all | ppp | < 2.4.7-1+4+deb9u1 | ppp_2.4.7-1+4+deb9u1_all.deb |
Debian | 9 | all | ppp-dev | < 2.4.7-1+4+deb9u1 | ppp-dev_2.4.7-1+4+deb9u1_all.deb |
Debian | 10 | armhf | liblwip0 | < 2.0.3-3+deb10u1 | liblwip0_2.0.3-3+deb10u1_armhf.deb |
Debian | 10 | amd64 | liblwip0-dbgsym | < 2.0.3-3+deb10u1 | liblwip0-dbgsym_2.0.3-3+deb10u1_amd64.deb |
Debian | 8 | all | ppp | < 2.4.6-3.1+deb8u1 | ppp_2.4.6-3.1+deb8u1_all.deb |
Debian | 10 | ppc64el | liblwip0 | < 2.0.3-3+deb10u1 | liblwip0_2.0.3-3+deb10u1_ppc64el.deb |
Debian | 9 | ppc64el | ppp | < 2.4.7-1+4+deb9u1 | ppp_2.4.7-1+4+deb9u1_ppc64el.deb |
Debian | 10 | mips | ppp-udeb | < 2.4.7-2+4.1+deb10u1+b1 | ppp-udeb_2.4.7-2+4.1+deb10u1+b1_mips.deb |
Debian | 10 | armel | ppp-dbgsym | < 2.4.7-2+4.1+deb10u1+b1 | ppp-dbgsym_2.4.7-2+4.1+deb10u1+b1_armel.deb |
Debian | 10 | armhf | ppp | < 2.4.7-2+4.1+deb10u1+b1 | ppp_2.4.7-2+4.1+deb10u1+b1_armhf.deb |